<?php
/**
 *	description:ZMAXWECHAT WECHATLIB
 *  author：min.zhang
 *  Email:zhang19min88@163.com
 *	Url:http://www.zmax99.com
 *  copyright:南宁市程序人软件科技有限责任公司保留所有权利
 *  date:2016-05-01
 *  @license GNU General Public License version 3, or later
 *  chcker :min.zhang
 *  check date:2016-05-26
 */
defined('_JEXEC') or die('You can not access this file!');
 
//define your token
define("TOKEN", "zmax99");

$wechatObj = new wechatCallbackapiTest();
$wechatObj->valid();

class wechatCallbackapiTest
{
	public function valid()
    {
		$app = JFactory::getApplication();
		$echoStr=$app->input->get("echostr" ,"","STRING");
        //$echoStr = $_GET["echostr"];

        //valid signature , option
        if($this->checkSignature()){
        	echo $echoStr;
        	exit;
        }
    }

    public function responseMsg()
    {
		//得到微信服务器的POST信息
		//get post data, May be due to the different environments
		$postStr = $GLOBALS["HTTP_RAW_POST_DATA"]; 
		
		//从POST数据中获得数据	      	
		if (!empty($postStr)){
                /* libxml_disable_entity_loader is to prevent XML eXternal Entity Injection,
                   the best way is to check the validity of xml by yourself */
               // libxml_disable_entity_loader(true);
              	$postObj = simplexml_load_string($postStr, 'SimpleXMLElement', LIBXML_NOCDATA); //加载一个XML对象
                $fromUsername = $postObj->FromUserName; //得到来自谁
                $toUsername = $postObj->ToUserName;//发送给谁的
                $keyword = trim($postObj->Content);//内容
                $time = time(); //得到当前的时间
                $textTpl = "<xml>
							<ToUserName><![CDATA[%s]]></ToUserName>
							<FromUserName><![CDATA[%s]]></FromUserName>
							<CreateTime>%s</CreateTime>
							<MsgType><![CDATA[%s]]></MsgType>
							<Content><![CDATA[%s]]></Content>
							<FuncFlag>0</FuncFlag>
							</xml>";             //文本的模板
				if(!empty( $keyword ))
                {
              		$msgType = "text";
                	$contentStr = "Welcome to wechat world!";
					
					//将类容输出到模板中
                	$resultStr = sprintf($textTpl, $fromUsername, $toUsername, $time, $msgType, $contentStr);
                	echo $resultStr; //返回
                }else{
                	echo "Input something...";
                }

        }else {
        	echo "";
        	exit;
        }
    }
	
	//	检查签名
	private function checkSignature()
	{
        
		//必须定义TOKEN
        if (!defined("TOKEN")) {
            throw new Exception('TOKEN is not defined!');
        }
        
		$app = JFactory::getApplication();
		$signature = $app->input->get("signature","","STRING");
        //$signature = $_GET["signature"]; //得到签名
		
		$timestamp = $app->input->get("timestamp","","STRING");
        //$timestamp = $_GET["timestamp"]; //得到时间戳
		
		$nonce = $app->input->get("nonce","","STRING");
        //$nonce = $_GET["nonce"]; //是否是一次性的
        		
		$token = TOKEN;
		$tmpArr = array($token, $timestamp, $nonce);
        // use SORT_STRING rule 
		//使用字符串排序
		sort($tmpArr, SORT_STRING);
		
		$tmpStr = implode( $tmpArr );
		$tmpStr = sha1( $tmpStr ); //使用shal运算，得到一个临时的签名
		
		if( $tmpStr == $signature ){
			return true;
		}else{
			return false;
		}
	}
}

?>